House Price Crash Forum

Largest Ever Case Of Hacking And Identity Theft



Mr Gonzalez broke into three large card processing systems:

- Heartland, a card processing company

- 7/11 convenience stores

- Hannaford, a national supermarket

They circumvented firewalls and uploaded the details of 130,000,000 cards to servers in the US and other countries.

They planned to sell it on to steal money from the card holders.

And there's more still being uncovered.

http://news.bbc.co.uk/1/hi/world/americas/8206305.stm

Edited by ScaredEitherWay
Mr Gonzales used a complicated technique known as an "SQL injection attack" to penetrate networks' firewalls and steal information, the US Department of Justice said

:o

Unforgivable.

SQL injection is very old and one of the most basic security exploits going, unbelievable that the code protecting 130 million credit cards is so poorly written.

Guest KingCharles1st
:o

Unforgivable.

SQL injection is very old and one of the most basic security exploits going, unbelievable that the code protecting 130 million credit cards is so poorly written.

Credit cards should be banned- then this sort of thing could not happen.

Credit cards should be banned- then this sort of thing could not happen.

2 days ago the missus's DEBIT card had 2,500 charged to it on 4 separate transactions. What do you think the chances are of having it refunded? HSBC won't tell us that! And does that mean we can now blame this guy? Makes a better story for us!

SQL injection is very old and one of the most basic security exploits going, unbelievable that the code protecting 130 million credit cards is so poorly written.

Perfectly believable. Banks won't employ competent IT developers: "you're over-qualified, you'd be bored by it." They'll employ someone who is capable of deploying a bog-standard packet-filtering firewall (and a shrinkwrapped antivirus if on windoze), and then they're secure, innit? ;) SQL injection, being an application-layer thing, is unaffected.

They might even go so far as to deploy an application-layer firewall such as mod_security for Apache, but that's only as good as your ruleset, and that can only be reactive. Like that shrinkwrapped antivirus, but without the benefit of a centralised authority that gets to see threats as they happen.

Competent programmers who understand basic rules like sanitising all untrusted input (what the Perl folks call untainting)? Nope, Overqualified ....
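An added example, not part of the thread or of any code from the breached systems: the same lookup written with string concatenation and with a bound parameter, plus an allow-list check in the spirit of the Perl untainting mentioned above. The table, column names, sample rows and function names are all constructed for illustration. Because the input arrives as ordinary application data, a packet-filtering firewall has nothing to act on; the difference is entirely in how the application builds the query.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; schema and rows are assumptions for this demo.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (holder TEXT, pan TEXT)")
    db.executemany("INSERT INTO cards VALUES (?, ?)", [
        ("alice", "4111-0000-0000-0001"),
        ("bob", "4111-0000-0000-0002"),
        ("carol", "4111-0000-0000-0003"),
    ])
    return db

def lookup_concatenated(db, holder):
    # Weak form: untrusted text is spliced into the statement, so the
    # database parses it as SQL rather than treating it as a value.
    sql = "SELECT pan FROM cards WHERE holder = '" + holder + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterised(db, holder):
    # Hardened form: the statement text is fixed; input is bound as data only.
    sql = "SELECT pan FROM cards WHERE holder = ?"
    return [row[0] for row in db.execute(sql, (holder,))]

HOLDER_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")

def untaint_holder(raw):
    # Allow-list validation: accept only input that fully matches the
    # expected shape and reject everything else.
    if not HOLDER_RE.fullmatch(raw):
        raise ValueError("holder name rejected")
    return raw

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed textbook input
    print("concatenated rows: ", len(lookup_concatenated(db, hostile)))
    print("parameterised rows:", len(lookup_parameterised(db, hostile)))
    try:
        untaint_holder(hostile)
    except ValueError as exc:
        print("validation:", exc)
```

Validation and parameter binding are complementary: the allow-list rejects malformed input early, while binding keeps even accepted input from ever being parsed as SQL.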

Guest skullingtonjoe
Perfectly believable. Banks won't employ competent IT developers: "you're over-qualified, you'd be bored by it." They'll employ someone who is capable of deploying a bog-standard packet-filtering firewall (and a shrinkwrapped antivirus if on windoze), and then they're secure, innit? ;) SQL injection, being an application-layer thing, is unaffected.

They might even go so far as to deploy an application-layer firewall such as mod_security for Apache, but that's only as good as your ruleset, and that can only be reactive. Like that shrinkwrapped antivirus, but without the benefit of a centralised authority that gets to see threats as they happen.

Competent programmers who understand basic rules like sanitising all untrusted input (what the Perl folks call untainting)? Nope, Overqualified ....

I doubt a lot of people out of uni would even know what PERL was - they'd probably think it's some kind of 'bling' you buy for your trophy girlfriend after your latest C# project!

Guest DissipatedYouthIsValuable
I doubt a lot of people out of uni would even know what PERL was - they'd probably think it's some kind of 'bling' you buy for your trophy girlfriend after your latest C# project!

No real coder has a girlfriend.

Very inconsistent interface which won't respond to debugging.
